How to sniff or hack someone’s username and password even if it is over an SSL encrypted connection

Introduction

Do you think you’re safe if you type https:// before paypal.com? I hope you’ll think twice before you log in from a computer connected to a wireless network after reading this guide. Let’s start at the beginning. Let’s say you have an evil neighbour who wants your PayPal credentials. He buys himself a nice laptop with a wireless card and, if you are using WEP encryption, he cracks your WEP key (see the WEP cracking guide). After cracking the key he logs into your network. Maybe you always allowed him to use your network because you thought it couldn’t do any harm to your computer. You aren’t sharing any folders, so what’s the problem? Well, in the next few steps I’m going to describe the problem.

The guide

1. Let’s assume your neighbour uses Linux to crack your WEP key. After cracking it, he installs ettercap (http://ettercap.sourceforge.net/) on his Linux system. If you want to try this at home, I recommend downloading BackTrack because it already has everything installed. Look at the WEP cracking guide I mentioned above for more info about BackTrack. If you want to install it on your own Linux distribution, download the source and install it with the following commands:

$ tar -xzvf ettercap-version.tar.gz
$ cd ettercap-version
$ ./configure
$ make
$ make install

2. After installing, you need to uncomment two lines to enable SSL dissection. Open up a terminal window and type “nano /usr/local/etc/etter.conf”, without the quotes. Scroll down using your arrow keys until you find this block:

# if you use iptables:
# redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
# redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

You need to uncomment the last two lines (remove the leading “#”), so that the block reads:

# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

3. Press CTRL+O, press Enter to save the file and then press CTRL+X.

4. Start Ettercap and click Sniff > Unified Sniffing, select your wireless interface and press OK.

5. Press CTRL+S to scan for hosts.

6. Go to MITM > ARP poisoning, select “Sniff remote connections” and press OK.

7. Now you (and your neighbour!) can start sniffing! Press Start > Start sniffing. Walk to another computer on your network and open up PayPal or any other site where you need to type in a username/password (Gmail, Hotmail, digg.com, etc.). All credentials will appear on the computer running Ettercap!

8. When you’re done, don’t just close Ettercap, but go to Start > Stop Sniffing, and then go to MITM > Stop mitm attack(s).

But how does all this stuff work?

Look at the following diagram:

Normally when you type in a password, host 1 (your computer) connects directly to host 2 (your modem or router). But if someone has launched Ettercap on your network, host 1 doesn’t send its passwords to host 2 but to the attacking host, the host that’s running Ettercap! The attacking host forwards everything to host 2, so host 1 doesn’t notice anything. Exactly the same happens with everything that host 2 sends: host 2 doesn’t send packets directly to host 1, but first to the attacking host. This is what the ARP poisoning from step 6 does: Ettercap sends forged ARP replies to host 1 and host 2, each claiming that the other’s IP address belongs to the attacker’s MAC address, so both hosts address their frames to the attacker. For HTTPS sites the attacker cannot read the real SSL session, so Ettercap terminates the connection itself and presents the browser with its own certificate; the certificate warning the browser shows at that moment is the only hint the victim gets.
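The forwarding described above leaves traces in the victim’s own ARP cache. The following Python script is an added example for this article, not code from the post or from the Ettercap project: it parses Linux `arp -n` output (the sample table and the known-good gateway MAC are constructed for the example) and flags the two symptoms of ARP poisoning, a gateway whose MAC no longer matches the recorded baseline, and one MAC address claimed by several IP addresses.

```python
"""Spot ARP cache poisoning from a host's own ARP table.

Added example, not part of the original post. ARP poisoning makes the
victim's ARP cache map the gateway IP to the attacker's MAC, so frames
bound for the router are delivered to the attacker instead. Two symptoms
are visible in the victim's ARP table:
  1. the gateway IP's MAC differs from a known-good baseline, and
  2. several IPs (typically the gateway plus the attacker's real address)
     share one MAC.
The `arp -n` output and the baseline below are constructed for this example.
"""
import re
from collections import defaultdict

# Constructed sample of Linux `arp -n` output as seen on a poisoned host.
SAMPLE_ARP_OUTPUT = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   00:11:22:33:44:55   C                     wlan0
192.168.1.20             ether   00:11:22:33:44:55   C                     wlan0
192.168.1.30             ether   aa:bb:cc:dd:ee:01   C                     wlan0
192.168.1.40                     (incomplete)                              wlan0
"""

# Known-good gateway mapping recorded while the network was trusted (constructed).
BASELINE = {"192.168.1.1": "de:ad:be:ef:00:01"}

# IPv4 address, hardware type, MAC address; header and incomplete entries do not match.
ARP_LINE = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+\S+\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s", re.I
)


def parse_arp_table(text):
    """Return {ip: mac} from `arp -n` style output, MACs lower-cased."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table


def find_poisoning(table, baseline):
    """Return a list of (kind, detail) findings; an empty list means nothing suspicious."""
    findings = []
    # Symptom 1: a baselined host (the gateway) now resolves to a different MAC.
    for ip, good_mac in baseline.items():
        seen = table.get(ip)
        if seen is not None and seen != good_mac.lower():
            findings.append(("gateway_mac_changed", f"{ip} now {seen}, expected {good_mac}"))
    # Symptom 2: one MAC address answering for more than one IP address.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("duplicate_mac", f"{mac} claimed by {', '.join(sorted(ips))}"))
    return findings


if __name__ == "__main__":
    # On a real host, replace SAMPLE_ARP_OUTPUT with the output of `arp -n`.
    for kind, detail in find_poisoning(parse_arp_table(SAMPLE_ARP_OUTPUT), BASELINE):
        print(f"[{kind}] {detail}")
```

The baseline is the part that matters: record the gateway’s MAC once from the router’s label or while plugged in by cable, and compare against it every time the ARP table is checked. A duplicate MAC alone can also occur legitimately (a host with several IP aliases), so the gateway check is the stronger signal.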

9 Responses to “How to sniff or hack someone’s username and password even if it is over an SSL encrypted connection”


  1. maceinkler

    Hallo,

    I’m not sure if you are German or not. If not, I understand why your translation is so nasty—you must have had it translated.

    Maybe you should get someone who helps you to correct the grammar mistakes.

    Have fun..

  2. maceinklerShouldBeNicer

    maceinkler doesn’t know what he’s talking about. I understood it fine, and thank you for writing it for everyone to enjoy!

  3. maceinklerShouldCheckHisGrammarBeforeComplainingAboutSomeoneElses

    It’s all in the name…

  4. Darksider

    Very good tutorial.
    Hopefully everyone will notice how insecure WEP is and get rid of it.
    Not only that, but maybe sites such as PayPal will develop a way to prevent this problem.
    But then again, there’ll always be people like us to step in and ravage it until they break into it.
    But without us, who would notice? :) A+++

    DS

  5. maceinkler_is_a_dumbass

    maceinkler should just die, for God’s sake!
    Well done, what a very good tutorial.

  6. pradeep

    I require a DepositFiles.com user name and password.

  7. pradeep

    Please reply to me.

  8. HELP ME PLEASE!!!

    Hi. I want to find the password of a person… just because this person is one of those people who laugh at others, who spends his life doing bad to everyone, and now I wanted to laugh in his face… please, can you help me? I’d like to get the hi5 password of this person… just to make this person see that he should not do these things to others… please help me to find this password… if you want, I can tell you the e-mail of this person… I just want this password… CAN YOU HELP ME PLEASE?

    This is my e-mail, please reply to it:

    xipicau_123@hotmail.com

    Thanks *

  9. Martin

    Would just like some clarification on this if possible. Is this a) only a viable option if the PC you are trying to sniff is on wireless? And b) would it require that the computer be using DHCP, I assume? I’m simply wondering; I can understand that it could literally sniff the packet out of the air, but I don’t understand how it could force my connection to route information to it instead of the gateway.
